Welcome to

At People®, we know that our customers rely on us as an important part of their record keeping and business processes. We take this responsibility seriously, which is why information security is our top priority. This page sets out everything we do to ensure the security and reliability of each component within our software and service delivery.

People® ISO27001 Accredited

People® has been independently audited, and meets the requirements for BS EN ISO 27001:2013 registration. The scope covers how we manage information security in providing online Human Resource Management software and services to our customers. This means that the way we own, store, transfer, access, back up, monitor, test and review our security procedures, has been independently verified to an internationally recognised standard.BS EN 27001:2013 Certificate Number: 16/5077

Data Protection Registration

People® is registered with the Information Comissioner’s Office (ICO). This means we are contractually committed to delivering our services in compliance with the Data Protection Act (DPA). We are also committing to complying with all requirements of GDPR. ICO Registration Number: ZA185401

Proactive Threat Detection

As a customer you are automatically enrolled onto our People Managed Security Service. Actively searching for threats is important for keeping your business safe. That's why we ensure we have a team that monitors and manages our environment 24x7x365, using advanced technology and analytics.

Vormetric Enterprise Encryption

People implements Vormetric Enterprise Encryption with Rotating Keys to protect all your data including uploaded files and documents. Vormetric is the leader in Enterprise Encryption and Key Management for corporations. Vormetric not only encrypts all data at rest, including documents and backups, it also enables privileged user access control, and creates activity logs.

Penetration Testing

We commission regular independent penetration testing of our infrastructure, to ensure we keep our system free from vulnerabilities. With many high profile customers in the financial sector, we recognise the need for tight security at a very technical level. We therefore use a highly-respected penetration testing provider, to ensure we do everything possible to protect your data.

GDPR

People is GDPR compliant. Our data protection officer is Sukhjinder Singh, who is a General Data Protection Regulation (GDPR) Practitioner.

The General Data Protection Regulation expands and standardises data protection across the whole of the EU and came into force on May 25 2018.

Rackspace – Trusted Globally

Information Security Frequently Asked Questions

Our Information Security team is responsible for ensuring our InfoSec policies are compliant, and properly implemented. They also handle many of the InfoSec questions raised by our clients. To help you find key answers quickly, we have compiled and consolidated some of the most frequently asked questions below:

Who owns our data? Your data belongs to you. As our customer, you are classed as the ‘data controller’. As your supplier, we are classed as the ‘data processor’.

What happens to our data when we leave? We provide you with an export of all your data, and then remove it from our systems within 45 days. Any documents you uploaded will be returned in their original format. Anything else is sent in CSV format.

How often is our data backed up? Your data is backed up per transaction (each time you do something), per hour, and per night. In the event of a total failure, our infrastructure within the data centre means we can recover your data quickly and reliably (see Rackspace.co.uk below). If you have particular governance rules, you may also create your own backups using our offline backup tool.

Where is our data stored – and is it safe? We store your data in Rackspace’s state-of-the-art data centre in London, UK. Rackspace protects the servers where your data is stored and managed, through biometric access controls, constant surveillance, redundant power feeds and generators, robust fire suppression, and carefully monitored climate control. In keeping with Data Protection Act requirements, we guarantee that your data will never be moved outside of the EEA (European Economic Area). Your data is also encrypted using TLS and AES.

Who can access my data? Only you, and a small number of vetted and authorised People® personnel, can access your data. Any member of this specialist People® team, will only ever access your data to perform specific tasks on your request via our support desk – and any action they take is logged and easily auditable. Access to any sensitive data is extensively logged, and requires fixed IP addresses and two-factor authentication.

What type of Firewalls do you use? The People® application, and any data you store within it, is protected by Cisco-powered firewalls.

System Status

Check our uptime or downtime, anytime (in real-time). When it comes to our System Status, we have nothing to hide and want you to know whatever we do. Get an update now: